08-13-2007 04:04 AM - edited 03-11-2019 03:56 AM
HI,
I am testing my FWSM for Multicast support.
i have made a test set-up..
The Multicast sendor is in "inside"(VLAN 10) & reciever is in "outside"(VLAN 203).
Both the interfaces are not created on MSFC. its only L2 Vlan on 6509E switch.
I tried all my normal application works but multicast is not working though i have configured following on FWSM:
multicast-routing
interface Vlan10
nameif inside
security-level 100
ip address 5.5.5.3 255.255.255.0
igmp join-group 239.255.1.1
pim
interface Vlan203
nameif outside
security-level 0
ip address 6.6.6.1 255.255.255.0
igmp join-group 239.255.1.1
pim
access-list ins_out extended permit ip 5.5.5.0 255.255.255.0 6.6.6.0 255.255.255.0 log debugging
access-list ins_out extended permit ip 5.5.5.0 255.255.255.0 224.0.0.0 240.0.0.0 log debugging
access-list outside_access_in extended permit ip 6.6.6.0 255.255.255.0 5.5.5.0 255.255.255.0 log debugging
access-list outside_access_in extended permit ip 6.6.6.0 255.255.255.0 224.0.0.0 240.0.0.0 log debugging
static (inside,outside) 5.5.5.0 5.5.5.0 netmask 255.255.255.0
access-group ins_out in interface inside
access-group outside_access_in in interface outside
end
Please suggest the problem & workaround.
Thanks in advance!
regards
IMG
08-13-2007 04:09 AM
I am not getting any log on syslog related to igmp query & reponse neither any hit from sending host not receiving host.
Please suggest what is pending ?
Thanks
IMG
08-13-2007 12:38 PM
Which software version r u running?
08-13-2007 07:45 PM
FWSM Version 3.2
08-13-2007 10:52 PM
Hi.
I think the problem lies in the ACL. Please change the ACL so that it points to specific multicast address..
access-list ins_out extended permit ip 5.5.5.0 255.255.255.0 host 239.255.1.1 log debugging
08-14-2007 01:40 AM
239.255.1.1 is the multicast address i am using..
08-14-2007 05:06 AM
I don't think the acl is the problem, 224.0.0.0/4 cover the 239.255.1.1.
What I'll try is just make sure that igmp is enable in the necessary interfaces but don't use the join option.
08-14-2007 05:16 AM
Thanks for replying!
I removed the igmp group command still not working :)
is there any thing i need to do on 6509 ?
note: there is no vlan interface on MSFC as these are L2 vlan on switch & SVI ips are used as Gateway for the computers's connected in these vlans.
please suggest !
Thanks in advance!
08-14-2007 06:11 AM
What is the output of
sh igmp groups
sh igmp interfaces
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide